
Help Mbam or Hijackthis doesn't work.. nothing will.



Hello ItsBrucey

Welcome to Malwarebytes. :D

Please try to run the following; if you cannot, then stop and tell me.

=====================

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

===========

Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


OTL LOG

OTL logfile created on: 9/2/2009 7:04:13 PM - Run 1

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 79.37% Memory free

3.84 Gb Paging File | 3.56 Gb Available in Paging File | 92.77% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.26 Gb Total Space | 23.50 Gb Free Space | 63.08% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: WELLS-DC6FB4F6E

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\ibmpmsvc.exe ()

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe (Microsoft Corp.)

PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)

PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)

PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (IBMPMSVC [Auto | Running]) -- C:\WINDOWS\System32\ibmpmsvc.exe ()

SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)

DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)

DRV - (IBMPMDRV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys (IBM Corp.)

DRV - (NSCIRDA [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nscirda.sys (National Semiconductor Corporation)

DRV - (portio [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NscTpmDD.sys (National Semiconductor Corp.)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)

DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)

DRV - (VIAudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\vinyl97.sys (VIA Technologies, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"

FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=SOLTDF&q="

FF - prefs.js..browser.search.selectedEngine: "Live Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.48

FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=SOLTDF&q="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/05 16:00:09 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/06 20:32:23 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/06 20:32:23 | 00,000,000 | ---D | M]

[2009/06/05 17:17:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions

[2009/06/05 15:58:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/06/05 17:17:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\mozswing@mozswing.org

[2009/08/05 21:20:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z8zu1mi8.default\extensions

[2009/07/01 06:46:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z8zu1mi8.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}

[2009/06/08 22:04:27 | 00,001,633 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\z8zu1mi8.default\searchplugins\live-search.xml

[2009/08/05 21:20:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/08/06 20:32:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/06/05 16:00:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[2009/06/06 19:10:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/08/06 20:32:17 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/08/06 20:32:17 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009/08/06 20:32:17 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2009/06/06 12:07:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/06/06 12:07:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/06/06 12:07:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/06/06 12:07:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/06/06 12:07:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/06/06 12:07:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/06/06 12:07:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2009/04/23 18:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/04/23 18:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/04/23 18:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/04/23 18:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/04/23 18:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/04/23 18:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/04/23 18:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (VINMaker) - {6B3E26A3-C1E2-4125-8C8F-F1303F748C3A} - C:\WINDOWS\System32\kdpini.dll ()

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File not found

O2 - BHO: () - {93E601D3-978D-4D52-AC7F-D541E5F7CA51} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~2F3.dll File not found

O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (Maniqute) - {F70F6880-3A4B-11DE-8230-0B7C55D89593} - C:\WINDOWS\System32\kusers.dll (Generic Research Inc.)

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: PrivacyCenter - {5199201E-60B4-11DE-85CF-260556D89593} - C:\Program Files\PrivacyCenter\protector.exe File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\baffddbedb: DllName - C:\WINDOWS\system32\baffddbedb.dll - C:\WINDOWS\System32\baffddbedb.dll ()

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File not found

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/03 17:12:46 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{b52f34ab-50c0-11de-9e50-00164110d157}\Shell - "" = AutoRun

O33 - MountPoints2\{b52f34ab-50c0-11de-9e50-00164110d157}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{b52f34ab-50c0-11de-9e50-00164110d157}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\Shell32.DLL -- [2009/02/01 02:59:57 | 08,462,336 | ---- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/02 19:02:20 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2009/08/16 20:54:37 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll

[2009/08/16 20:54:37 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msv1_0.dll

[2009/08/16 20:54:37 | 00,092,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys

[2009/08/16 20:54:37 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll

[2009/08/16 18:04:47 | 04,134,912 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\content_m.xml

[2009/08/16 18:04:47 | 03,557,888 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\backup.dll

[2009/08/16 18:04:47 | 03,509,248 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\WinAntiSpyware2006FreeInstall[1].exe

[2009/08/16 18:04:47 | 03,031,552 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\flylib.dll

[2009/08/16 18:04:47 | 02,915,328 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\nwnmff_8.exe

[2009/08/16 18:01:42 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17400.exe

[2009/08/16 18:01:29 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/08/16 17:55:06 | 00,000,000 | ---D | C] -- C:\_OTM

[2009/08/16 17:50:01 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe

[2009/08/16 17:50:01 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe

[2009/08/16 17:49:53 | 00,134,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll

[2009/08/16 17:49:46 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll

[2009/08/16 17:49:37 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll

[2009/08/16 17:49:16 | 02,067,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll

[2009/08/16 17:48:41 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx

[2009/08/16 17:13:50 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll

[2009/08/16 17:09:36 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll

[2009/08/16 16:27:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Received Files

[2009/08/16 16:03:41 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2009/08/07 09:12:06 | 02,853,376 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ibm00003.exe

[2009/08/07 09:12:06 | 02,017,792 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\msplug.dll

[2009/08/07 09:12:06 | 01,122,304 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\spcksys.dll

[2009/08/07 09:12:06 | 00,544,256 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\jukebox.scr

[2009/08/07 09:12:06 | 00,281,088 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\drsmartload95a.exe

[2009/06/28 11:34:08 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2009/06/21 00:05:34 | 00,192,528 | ---- | C] () -- C:\WINDOWS\System32\kdpini.dll

[2009/06/08 17:12:31 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\SKYNETiewapjet.dll

[2009/06/08 17:12:30 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\SKYNETetxxtqgf.sys

[2009/06/08 17:12:30 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\SKYNETpjjhmfci.dll

[2009/06/03 18:39:59 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\tpinspm.dll

[2009/06/03 17:03:10 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2009/06/03 17:03:10 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2009/06/03 17:03:10 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008/04/14 06:00:00 | 00,000,582 | ---- | C] () -- C:\WINDOWS\win.ini

[2008/04/14 06:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

[2004/07/04 00:04:16 | 00,281,103 | ---- | C] () -- C:\WINDOWS\System32\baffddbedb.dll

[2003/06/24 14:43:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

========== Files - Modified Within 30 Days ==========

[2009/09/02 19:02:21 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2009/09/02 18:58:10 | 00,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{53F163D4-34E9-48EA-BEB8-9A4FD6B30A83}.job

[2009/09/02 13:58:42 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/09/01 23:47:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/09/01 23:47:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/08/31 11:06:17 | 02,689,772 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db

[2009/08/31 10:50:29 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/08/31 10:49:19 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2009/08/16 18:04:47 | 04,134,912 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\content_m.xml

[2009/08/16 18:04:47 | 03,557,888 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\backup.dll

[2009/08/16 18:04:47 | 03,509,248 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\WinAntiSpyware2006FreeInstall[1].exe

[2009/08/16 18:04:47 | 03,031,552 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\flylib.dll

[2009/08/16 18:04:47 | 02,915,328 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\nwnmff_8.exe

[2009/08/16 18:01:23 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17400.exe

[2009/08/07 09:14:30 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/07 09:12:06 | 02,853,376 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ibm00003.exe

[2009/08/07 09:12:06 | 02,017,792 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\msplug.dll

[2009/08/07 09:12:06 | 01,122,304 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\spcksys.dll

[2009/08/07 09:12:06 | 00,544,256 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\jukebox.scr

[2009/08/07 09:12:06 | 00,281,088 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\drsmartload95a.exe

[2009/08/05 03:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll

[2009/08/05 03:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll

========== LOP Check ==========

[2009/09/02 13:58:58 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data

[2009/06/06 18:52:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo

[2009/06/06 18:39:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iPod Copy Expert

[2009/09/02 14:00:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire

[2009/06/03 18:19:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search

[2009/06/05 16:14:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search

[2009/06/06 18:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WindSolutions

[2009/06/25 22:27:49 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2009/06/06 12:08:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009/06/25 22:27:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\13323434

[2009/06/25 22:27:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\93333426

[2009/06/17 02:22:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/06/06 18:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions

[2009/06/19 20:04:26 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

[2008/04/14 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/09/01 23:47:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[2009/09/02 18:58:10 | 00,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{53F163D4-34E9-48EA-BEB8-9A4FD6B30A83}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


EXTRAS LOG

OTL Extras logfile created on: 9/2/2009 7:04:13 PM - Run 1

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 79.37% Memory free

3.84 Gb Paging File | 3.56 Gb Available in Paging File | 92.77% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.26 Gb Total Space | 23.50 Gb Free Space | 63.08% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: WELLS-DC6FB4F6E

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 13

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-008A-0409-0000-0000000FF1CE}" = Microsoft Office 2007 Recent Documents Gadget

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr

"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar

"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar

"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager

"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)

"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2

"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime

"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes

"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"ENTERPRISE" = Microsoft Office Enterprise 2007

"LimeWire" = LimeWire 5.1.3

"Microsoft Silverlight" = Microsoft Silverlight

"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Power Management Driver" = IBM ThinkPad Power Management Driver

"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows Rights Management Client" = Windows Rights Management Client with Service Pack 2

"Windows Rights Management Client Backwards" = Windows Rights Management Client Backwards Compatibility SP2

"Windows Sidebar" = Windows Sidebar

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 8/16/2009 10:53:20 PM | Computer Name = WELLS-DC6FB4F6E | Source = Application Error | ID = 1000

Description = Faulting application caleb.exe, version 4.8.0.0, faulting module unknown,

version 0.0.0.0, fault address 0x00000000.

Error - 8/17/2009 12:46:50 PM | Computer Name = WELLS-DC6FB4F6E | Source = Application Error | ID = 1000

Description = Faulting application caleb.exe, version 4.8.0.0, faulting module unknown,

version 0.0.0.0, fault address 0x00000000.

Error - 9/2/2009 1:31:27 AM | Computer Name = WELLS-DC6FB4F6E | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.21073, faulting

module uacxrkkvrdovjsxvlc.dll, version 0.0.0.0, fault address 0x00003973.

Error - 9/2/2009 1:36:51 AM | Computer Name = WELLS-DC6FB4F6E | Source = Application Error | ID = 1000

Description = Faulting application mbam-setup.exe, version 1.40.0.0, faulting module

mbam-setup.exe, version 1.40.0.0, fault address 0x00009a94.

Error - 9/2/2009 1:38:30 AM | Computer Name = WELLS-DC6FB4F6E | Source = Application Error | ID = 1000

Description = Faulting application mbam-setup.exe, version 1.40.0.0, faulting module

mbam-setup.exe, version 1.40.0.0, fault address 0x00009a94.

Error - 9/2/2009 1:40:25 AM | Computer Name = WELLS-DC6FB4F6E | Source = Application Error | ID = 1000

Description = Faulting application mbam-setup.exe, version 1.40.0.0, faulting module

mbam-setup.exe, version 1.40.0.0, fault address 0x00009a94.

Error - 9/2/2009 1:41:21 AM | Computer Name = WELLS-DC6FB4F6E | Source = Application Error | ID = 1000

Description = Faulting application mbam-setup.exe, version 1.40.0.0, faulting module

mbam-setup.exe, version 1.40.0.0, fault address 0x00009a94.

Error - 9/2/2009 1:41:49 AM | Computer Name = WELLS-DC6FB4F6E | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 9/2/2009 1:41:49 AM | Computer Name = WELLS-DC6FB4F6E | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040206.

Error - 9/2/2009 1:45:46 AM | Computer Name = WELLS-DC6FB4F6E | Source = Application Error | ID = 1000

Description = Faulting application mbam-setup.exe, version 1.40.0.0, faulting module

mbam-setup.exe, version 1.40.0.0, fault address 0x00009a94.

[ System Events ]

Error - 9/2/2009 1:37:37 AM | Computer Name = WELLS-DC6FB4F6E | Source = Service Control Manager | ID = 7034

Description = The iPod Service service terminated unexpectedly. It has done this

1 time(s).

Error - 9/2/2009 1:37:38 AM | Computer Name = WELLS-DC6FB4F6E | Source = Service Control Manager | ID = 7031

Description = The Apple Mobile Device service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

Error - 9/2/2009 1:38:09 AM | Computer Name = WELLS-DC6FB4F6E | Source = Service Control Manager | ID = 7034

Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 9/2/2009 1:38:48 AM | Computer Name = WELLS-DC6FB4F6E | Source = Service Control Manager | ID = 7031

Description = The Apple Mobile Device service terminated unexpectedly. It has done

this 2 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

Error - 9/2/2009 1:38:55 AM | Computer Name = WELLS-DC6FB4F6E | Source = Service Control Manager | ID = 7034

Description = The HTTP SSL service terminated unexpectedly. It has done this 1

time(s).

Error - 9/2/2009 1:38:57 AM | Computer Name = WELLS-DC6FB4F6E | Source = Service Control Manager | ID = 7034

Description = The WebClient service terminated unexpectedly. It has done this 1

time(s).

Error - 9/2/2009 1:39:00 AM | Computer Name = WELLS-DC6FB4F6E | Source = Service Control Manager | ID = 7034

Description = The TCP/IP NetBIOS Helper service terminated unexpectedly. It has

done this 1 time(s).

Error - 9/2/2009 1:39:00 AM | Computer Name = WELLS-DC6FB4F6E | Source = Service Control Manager | ID = 7031

Description = The Remote Registry service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 1000 milliseconds:

Restart the service.

Error - 9/2/2009 1:39:00 AM | Computer Name = WELLS-DC6FB4F6E | Source = Service Control Manager | ID = 7034

Description = The SSDP Discovery Service service terminated unexpectedly. It has

done this 1 time(s).

Error - 9/2/2009 1:39:07 AM | Computer Name = WELLS-DC6FB4F6E | Source = Service Control Manager | ID = 7034

Description = The DNS Client service terminated unexpectedly. It has done this

1 time(s).

< End of report >


GMER LOG

GMER 1.0.15.15077 [ii9vvy9c.exe] - http://www.gmer.net

Rootkit scan 2009-09-02 19:31:07

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

Code ef6c3899705d7db453751ff210073ae1.sys (ckmd/Noves Inc) ZwCreateKey [0xBA8BBC8E]

Code 899C98B6 ZwEnumerateKey

Code 899CF418 ZwFlushInstructionCache

Code ef6c3899705d7db453751ff210073ae1.sys (ckmd/Noves Inc) ZwOpenKey [0xBA8BBC10]

Code ef6c3899705d7db453751ff210073ae1.sys (ckmd/Noves Inc) ZwQueryDirectoryFile [0xBA8BB999]

Code ef6c3899705d7db453751ff210073ae1.sys (ckmd/Noves Inc) IoCreateFile

Code 899C8AE6 IofCallDriver

Code 899C894E IofCompleteRequest

Code ef6c3899705d7db453751ff210073ae1.sys (ckmd/Noves Inc) NtQueryDirectoryFile

Code 899D4395 ZwSaveKey

Code 899D4A75 ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 899C8AEB

.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 899C8953

.text ntkrnlpa.exe!ZwSaveKey 804FEDD4 5 Bytes JMP 899D439A

.text ntkrnlpa.exe!ZwSaveKeyEx 804FEDE8 5 Bytes JMP 899D4A7A

PAGE ntkrnlpa.exe!IoCreateFile 8056BB8C 5 Bytes JMP BA8BB872 ef6c3899705d7db453751ff210073ae1.sys (ckmd/Noves Inc)

PAGE ntkrnlpa.exe!NtQueryDirectoryFile 8056F0F4 5 Bytes JMP BA8BB99D ef6c3899705d7db453751ff210073ae1.sys (ckmd/Noves Inc)

PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEF0 5 Bytes JMP 899CF41C

PAGE ntkrnlpa.exe!ZwCreateKey 8061A360 5 Bytes JMP BA8BBC92 ef6c3899705d7db453751ff210073ae1.sys (ckmd/Noves Inc)

PAGE ntkrnlpa.exe!ZwEnumerateKey 8061ABA0 7 Bytes JMP 899C98BA

PAGE ntkrnlpa.exe!ZwOpenKey 8061B732 5 Bytes JMP BA8BBC14 ef6c3899705d7db453751ff210073ae1.sys (ckmd/Noves Inc)

? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe[488] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0088000A

.text C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe[488] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0089000A

.text C:\WINDOWS\system32\winlogon.exe[684] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0064000A

.text C:\WINDOWS\system32\winlogon.exe[684] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0065000A

.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0064000A

.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0065000A

.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 006F000A

.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0072000A

.text C:\WINDOWS\Explorer.EXE[888] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00C0000A

.text C:\WINDOWS\Explorer.EXE[888] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00C1000A

.text C:\WINDOWS\system32\ibmpmsvc.exe[904] ntdll.dll!LdrLoadDll 7C915CD3 3 Bytes JMP 0092000A

.text C:\WINDOWS\system32\ibmpmsvc.exe[904] ntdll.dll!LdrLoadDll + 4 7C915CD7 1 Byte [84]

.text C:\WINDOWS\system32\ibmpmsvc.exe[904] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0093000A

.text C:\WINDOWS\system32\igfxtray.exe[912] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0099000A

.text C:\WINDOWS\system32\igfxtray.exe[912] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 009A000A

.text C:\WINDOWS\System32\alg.exe[1116] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 006F000A

.text C:\WINDOWS\System32\alg.exe[1116] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0070000A

.text C:\WINDOWS\system32\ctfmon.exe[1172] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0098000A

.text C:\WINDOWS\system32\ctfmon.exe[1172] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0099000A

.text C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe[1240] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00A2000A

.text C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe[1240] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00A3000A

.text C:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0097000A

.text C:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0098000A

.text C:\WINDOWS\system32\hkcmd.exe[1832] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0095000A

.text C:\WINDOWS\system32\hkcmd.exe[1832] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0096000A

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1856] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 006D000A

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1856] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 006E000A

.text C:\Program Files\Bonjour\mDNSResponder.exe[1880] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0071000A

.text C:\Program Files\Bonjour\mDNSResponder.exe[1880] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0072000A

.text C:\Program Files\Java\jre6\bin\jqs.exe[1940] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 006E000A

.text C:\Program Files\Java\jre6\bin\jqs.exe[1940] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 006F000A

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2024] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 008A000A

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2024] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 008B000A

.text C:\ii9vvy9c.exe[2136] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 009E000A

.text C:\ii9vvy9c.exe[2136] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 009F000A

.text C:\WINDOWS\system32\igfxpers.exe[2152] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0093000A

.text C:\WINDOWS\system32\igfxpers.exe[2152] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0094000A

.text C:\Program Files\Java\jre6\bin\jusched.exe[2320] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00BA000A

.text C:\Program Files\Java\jre6\bin\jusched.exe[2320] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00BB000A

.text C:\Program Files\iTunes\iTunesHelper.exe[2372] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00BA000A

.text C:\Program Files\iTunes\iTunesHelper.exe[2372] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00BB000A

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2464] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0093000A

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[2464] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0094000A

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00A0000A

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00A1000A

.text C:\Program Files\Windows Sidebar\sidebar.exe[2516] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00DD000A

.text C:\Program Files\Windows Sidebar\sidebar.exe[2516] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00DE000A

.text C:\Program Files\Messenger\msmsgs.exe[2628] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00A8000A

.text C:\Program Files\Messenger\msmsgs.exe[2628] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00A9000A

.text C:\WINDOWS\system32\igfxsrvc.exe[2744] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0094000A

.text C:\WINDOWS\system32\igfxsrvc.exe[2744] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0095000A

.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 008B000A

.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 008C000A

.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00DD000A

.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00DE000A

.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2856] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0093000A

.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2856] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0094000A

.text C:\Program Files\iPod\bin\iPodService.exe[3120] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0073000A

.text C:\Program Files\iPod\bin\iPodService.exe[3120] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0074000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[3292] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00A0000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[3292] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00A1000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[3292] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3292] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E35295F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3292] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3528E0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3292] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E352924 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3292] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E35286C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3292] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3528A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3292] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E35299A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3292] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20182A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3292] ole32.dll!OleLoadFromStream 775297D5 5 Bytes JMP 3E352B5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3292] WININET.dll!HttpAddRequestHeadersA 3D93FB35 5 Bytes JMP 00DE000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[3292] WININET.dll!HttpAddRequestHeadersW 3D9AD611 5 Bytes JMP 00ED000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[3292] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3292] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3292] WS2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3292] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3292] WS2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3292] WS2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD79C6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!GetSecurityDescriptorLength] [77DD74BB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!GetSecurityDescriptorControl] [77DE4BB9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!IsValidSecurityDescriptor] [77DE4C11] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!ImpersonateNamedPipeClient] [77DD7426] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyW] [77DD7946] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegisterEventSourceW] [77DF803C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!ReportEventW] [77DF3681] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!DeregisterEventSource] [77DF79D3] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegDeleteKeyA] [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!OpenSCManagerW] [77DE6F55] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!OpenServiceW] [77DE6FFD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!QueryServiceStatus] [77DE6D50] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!StartServiceW] [77DF3E94] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!CloseServiceHandle] [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!IsValidSid] [77DDF219] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!EqualSid] [77DDF07A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!GetLengthSid] [77DD7D5C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!CopySid] [77DDF0E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!SystemFunction040] [77DF7014] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!SystemFunction041] [77DEE4D2] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!GetSecurityDescriptorDacl] [77DD73E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!MakeSelfRelativeSD] [77DD745E] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!InitializeAcl] [77DD7D09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!AddAccessAllowedAce] [77DD7D31] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD79EB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!LookupAccountNameW] [77DE5B59] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!SystemFunction036] [77DD82A2] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegEnumValueW] [77DD7EED] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegEnumValueA] [77DF9BBF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryInfoKeyA] [77DE4332] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExW] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!TraceMessage] [77E2B355] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!LookupAccountSidW] [77DE5707] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RevertToSelf] [77DD7338] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!OpenProcessToken] [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!SetThreadToken] [77DDF193] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!GetTokenInformation] [77DD7305] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!OpenThreadToken] [77DD72CC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!LsaOpenPolicy] [77DE1E27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!LsaQueryInformationPolicy] [77DE2E07] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!LsaFreeMemory] [77DE2DDE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!LsaClose] [77DE1EF4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegCreateKeyExW] [77DD776C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!SystemFunction035] [77DE8185] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegDeleteKeyW] [77DE559B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegEnumValueW] [77DD7EED] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [77DE49CE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegOpenKeyExW] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] [77DFBB8D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!AccessCheck] [77DD73A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!LookupAccountNameW] [77DE5B59] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [77DD776C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW] [77DD7EED] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyA] [77DE53B8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyA] [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!DuplicateEncryptionInfoFile] [77E135EA] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!AllocateLocallyUniqueId] [77DD748C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] [77DE559B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [77E36116] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] [77DDD87A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!InstallApplication] [77E1D7B7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyA] [77DDEFC8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyW] [77DD7946] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!SetThreadToken] [77DDF193] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!OpenThreadToken] [77DD72CC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!AccessCheckByType] [77DDF1C9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!GetSecurityDescriptorDacl] [77DD73E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!EqualSid] [77DDF07A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!GetTokenInformation] [77DD7305] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RevertToSelf] [77DD7338] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!ImpersonateAnonymousToken] [77DE4C5B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!GetSecurityDescriptorLength] [77DD74BB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!DuplicateToken] [77DD8211] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!OpenProcessToken] [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!CryptReleaseContext] [77DE7EEE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!CryptAcquireContextW] [77DE7F99] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!IsValidSecurityDescriptor] [77DE4C11] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!GetLengthSid] [77DD7D5C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!LookupAccountSidW] [77DE5707] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!LsaClose] [77DE1EF4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!LsaFreeMemory] [77DE2DDE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!LsaQueryInformationPolicy] [77DE2E07] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!LsaOpenPolicy] [77DE1E27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!MakeSelfRelativeSD] [77DD745E] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!SetServiceStatus] [77DF3251] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77DF3E77] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!StartServiceCtrlDispatcherW] [77DF359D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!CopySid] [77DDF0E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD79EB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!FreeSid] [77DD7CB8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!AddAccessAllowedAce] [77DD7D31] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!InitializeAcl] [77DD7D09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!AllocateAndInitializeSid] [77DD7CC9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD79C6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!DeregisterEventSource] [77DF79D3] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!ReportEventW] [77DF3681] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegisterEventSourceW] [77DF803C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyW] [77DDD5E4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!GetAce] [77DE4C33] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!GetSidSubAuthority] [77DE5550] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!GetSidSubAuthorityCount] [77DE5582] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!GetSidIdentifierAuthority] [77DDF23B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!IsValidSid] [77DDF219] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenUserClassesRoot] [77DFB461] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!CommandLineFromMsiDescriptor] [77DFBE16] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegNotifyChangeKeyValue] [77DDD8FE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [77DE49CE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegSetValueA] [77DFC79E] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegDeleteValueW] [77DDEDF1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [77DE4332] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!GetCurrentHwProfileA] [77E0CA61] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!OpenThreadToken] [77DD72CC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [77DD7EED] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueW] [77E36116] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueA] [77DFC79E] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [77DDD87A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueA] [77DFBB8D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [77DE49CE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyW] [77DD7946] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [77DE4332] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueA] [77DDECE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [77DF9BBF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [77DE53B8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [77DE51B6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!GetTokenInformation] [77DD7305] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!OpenProcessToken] [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!GetAce] [77DE4C33] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!FreeSid] [77DD7CB8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD79EB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD79C6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!AddAccessDeniedAce] [77DF814F] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!AddAccessAllowedAce] [77DD7D31] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!InitializeAcl] [77DD7D09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!GetLengthSid] [77DD7D5C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!AllocateAndInitializeSid] [77DD7CC9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!GetUserNameA] [77DE54C4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!GetUserNameW] [77DE496D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyA] [77DFBCF3] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyW] [77DFBA55] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [77DD776C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [77DE559B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueW] [77DDEDF1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [77DDD5E4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [77DD7BD9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyA] [77DDEFC8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AllocateAndInitializeSid] [77DD7CC9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteValueW] [77DDEDF1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!MakeSelfRelativeSD] [77DD745E] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetSecurityDescriptorLength] [77DD74BB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!EqualSid] [77DDF07A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetSecurityDescriptorDacl] [77DD73E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetSecurityDescriptorOwner] [77DE4B55] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetFileSecurityW] [77DFC003] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [77DD776C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!FreeSid] [77DD7CB8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetAce] [77DE4C33] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AddAccessAllowedAce] [77DD7D31] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!InitializeAcl] [77DD7D09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegNotifyChangeKeyValue] [77DDD8FE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [77DFBA55] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetSecurityDescriptorControl] [77DE4BB9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!EncryptFileW] [77E13390] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!DecryptFileW] [77E133CF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!ChangeServiceConfigW] [77E37001] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!StartServiceW] [77DF3E94] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!ControlService] [77DF4A09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW] [77DE6F55] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!OpenServiceW] [77DE6FFD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!QueryServiceStatus] [77DE6D50] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CloseServiceHandle] [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetNamedSecurityInfoW] [77DE4FE6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!ConvertSidToStringSidW] [77DDF10F] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenCurrentUser] [77DD811B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!LookupAccountNameW] [77DE5B59] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [77DF0CF5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessWithLogonW] [77E15FFD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77DEA8A9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferGetPolicyInformation] [77DF99DD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferiIsExecutableFileType] [77DF98AB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferIdentifyLevel] [77DD9EC8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferRecordEventLogEntry] [77E1F78D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferGetLevelInformation] [77DEFCF0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!InstallApplication] [77E1D7B7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferCreateLevel] [77E1E9C5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferComputeTokenFromLevel] [77DDAB3D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferCloseLevel] [77DDAF98] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [77DDD87A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!OpenThreadToken] [77DD72CC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CheckTokenMembership] [77DD7FCA] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!LookupPrivilegeValueW] [77DFB8DF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [77DDF00C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CommandLineFromMsiDescriptor] [77DFBE16] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegSetKeySecurity] [77DF3AFD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [77DE49CE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetUserNameW] [77DE496D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyExW] [77DD7BD9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] [77DE559B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [77DD7EED] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [77DEA3E1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!TreeResetNamedSecurityInfoW] [77E223DF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyW] [77DDD5E4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyW] [77DD7946] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [77E36116] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!LookupAccountSidW] [77DE5707] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetTokenInformation] [77DD7305] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!OpenProcessToken] [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetLengthSid] [77DD7D5C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptAcquireContextA] [77DE793D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptSignHashA] [77E11FE1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptVerifySignatureA] [77DFC841] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptSetProviderA] [77E12161] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [77DE4332] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExW] [77DD776C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteKeyA] [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteKeyW] [77DE559B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegEnumKeyExA] [77DE51B6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegEnumKeyExW] [77DD7BD9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegEnumValueA] [77DF9BBF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegEnumValueW] [77DD7EED] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteValueA] [77DDECE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteValueW] [77DDEDF1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW] [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [77DE49CE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExW] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegConnectRegistryA] [77E3512A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegConnectRegistryW] [77DF817A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetSidSubAuthority] [77DE5550] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetSidSubAuthorityCount] [77DE5582] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetSidIdentifierAuthority] [77DDF23B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!IsValidSid] [77DDF219] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)


IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegQueryInfoKeyA] [77DE4332] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegEnumKeyExA] [77DE51B6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!GetUserNameA] [77DE54C4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA] [77DF69AE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!OpenServiceA] [77DF4C66] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CloseServiceHandle] [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!QueryServiceStatus] [77DE6D50] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegNotifyChangeKeyValue] [77DDD8FE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegDeleteKeyA] [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegEnumKeyExA] [77DE51B6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!AllocateAndInitializeSid] [77DD7CC9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!FreeSid] [77DD7CB8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!GetLengthSid] [77DD7D5C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!GetAclInformation] [77DF7E78] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!GetAce] [77DE4C33] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!EqualSid] [77DDF07A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD79C6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!InitializeAcl] [77DD7D09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!AddAccessDeniedAce] [77DF814F] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!AddAccessAllowedAce] [77DD7D31] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD79EB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegGetKeySecurity] [77DF3918] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] [77E37211] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!ChangeServiceConfigA] [77E36E69] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RevertToSelf] [77DD7338] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!OpenSCManagerA] [77DF69AE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!QueryServiceStatus] [77DE6D50] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!StartServiceA] [77DEFB58] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CloseServiceHandle] [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!OpenServiceA] [77DF4C66] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!GetSecurityDescriptorDacl] [77DD73E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExW] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!OpenSCManagerA] [77DF69AE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!CloseServiceHandle] [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!OpenProcessToken] [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!LookupPrivilegeValueA] [77DFC238] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!AdjustTokenPrivileges] [77DDF00C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegSetValueExA] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!OpenServiceA] [77DF4C66] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!StartServiceA] [77DEFB58] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2516] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegQueryValueExW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD79C6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!GetSecurityDescriptorLength] [77DD74BB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!GetSecurityDescriptorControl] [77DE4BB9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!IsValidSecurityDescriptor] [77DE4C11] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!ImpersonateNamedPipeClient] [77DD7426] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyW] [77DD7946] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegisterEventSourceW] [77DF803C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!ReportEventW] [77DF3681] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!DeregisterEventSource] [77DF79D3] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegDeleteKeyA] [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!OpenSCManagerW] [77DE6F55] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!OpenServiceW] [77DE6FFD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!QueryServiceStatus] [77DE6D50] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!StartServiceW] [77DF3E94] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!CloseServiceHandle] [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!IsValidSid] [77DDF219] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!EqualSid] [77DDF07A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!GetLengthSid] [77DD7D5C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!CopySid] [77DDF0E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!SystemFunction040] [77DF7014] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!SystemFunction041] [77DEE4D2] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!GetSecurityDescriptorDacl] [77DD73E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!MakeSelfRelativeSD] [77DD745E] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!InitializeAcl] [77DD7D09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!AddAccessAllowedAce] [77DD7D31] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD79EB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!LookupAccountNameW] [77DE5B59] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!SystemFunction036] [77DD82A2] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegEnumValueW] [77DD7EED] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegEnumValueA] [77DF9BBF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryInfoKeyA] [77DE4332] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExW] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!TraceMessage] [77E2B355] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!LookupAccountSidW] [77DE5707] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RevertToSelf] [77DD7338] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!OpenProcessToken] [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!SetThreadToken] [77DDF193] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!GetTokenInformation] [77DD7305] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!OpenThreadToken] [77DD72CC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!LsaOpenPolicy] [77DE1E27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!LsaQueryInformationPolicy] [77DE2E07] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!LsaFreeMemory] [77DE2DDE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!LsaClose] [77DE1EF4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegCreateKeyExW] [77DD776C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!SystemFunction035] [77DE8185] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegDeleteKeyW] [77DE559B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegEnumValueW] [77DD7EED] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [77DE49CE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegOpenKeyExW] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] [77DFBB8D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!AccessCheck] [77DD73A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!LookupAccountNameW] [77DE5B59] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [77DD776C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW] [77DD7EED] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyA] [77DE53B8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyA] [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!DuplicateEncryptionInfoFile] [77E135EA] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!AllocateLocallyUniqueId] [77DD748C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] [77DE559B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [77E36116] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)


IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptSignHashA] [77E11FE1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptVerifySignatureA] [77DFC841] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptSetProviderA] [77E12161] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [77DE4332] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExW] [77DD776C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteKeyA] [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteKeyW] [77DE559B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegEnumKeyExA] [77DE51B6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegEnumKeyExW] [77DD7BD9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegEnumValueA] [77DF9BBF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegEnumValueW] [77DD7EED] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteValueA] [77DDECE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteValueW] [77DDEDF1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW] [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [77DE49CE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExW] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegConnectRegistryA] [77E3512A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegConnectRegistryW] [77DF817A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetSidSubAuthority] [77DE5550] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetSidSubAuthorityCount] [77DE5582] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetSidIdentifierAuthority] [77DDF23B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!IsValidSid] [77DDF219] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CopySid] [77DDF0E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetLengthSid] [77DD7D5C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetTokenInformation] [77DD7305] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!OpenProcessToken] [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!OpenThreadToken] [77DD72CC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptReleaseContext] [77DE7EEE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptSetProvParam] [77E110F1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptGetProvParam] [77DF1339] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptDestroyHash] [77DE9BCC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptGetHashParam] [77DE9DB4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptHashData] [77DE9A9E] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptCreateHash] [77DE9C71] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptGetKeyParam] [77DF1298] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptExportKey] [77E11BF9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptDestroyKey] [77DE9EBC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptGetUserKey] [77E11B21] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptImportKey] [77DEA1F1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptGenKey] [77E11849] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegNotifyChangeKeyValue] [77DDD8FE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegEnumKeyA] [77DE53B8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!AllocateAndInitializeSid] [77DD7CC9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!FreeSid] [77DD7CB8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegGetKeySecurity] [77DF3918] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetAce] [77DE4C33] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetSecurityDescriptorDacl] [77DD73E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!EqualSid] [77DDF07A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetSecurityDescriptorOwner] [77DE4B55] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [77DDF00C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!LookupPrivilegeValueA] [77DFC238] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegSetKeySecurity] [77DF3AFD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DE4B05] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD79C6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!SetSecurityDescriptorSacl] [77DF4E8E] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD79EB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!AddAccessAllowedAce] [77DD7D31] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!InitializeAcl] [77DD7D09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DE4B2D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptSetKeyParam] [77E11A51] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptGenRandom] [77DFB3F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptSetHashParam] [77E12091] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptDeriveKey] [77DE9FFD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptEncrypt] [77DEE360] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptDecrypt] [77DEA129] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptGetDefaultProviderW] [77E12D89] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!SystemFunction041] [77DEE4D2] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!StartServiceW] [77DF3E94] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!UnlockServiceDatabase] [77E37CE9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!ChangeServiceConfigA] [77E36E69] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!LockServiceDatabase] [77E37919] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!QueryServiceConfigA] [77DF1596] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!OpenServiceW] [77DE6FFD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!OpenSCManagerW] [77DE6F55] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!ControlService] [77DF4A09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!StartServiceA] [77DEFB58] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CloseServiceHandle] [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!QueryServiceStatus] [77DE6D50] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetUserNameA] [77DE54C4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetUserNameW] [77DE496D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [77DEA3E1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!GetFileSecurityW] [77DFC003] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!IsValidSecurityDescriptor] [77DE4C11] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!ConvertSidToStringSidW] [77DDF10F] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!ConvertStringSecurityDescriptorToSecurityDescriptorW] [77DE2F06] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!LookupAccountNameW] [77DE5B59] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!ConvertSecurityDescriptorToStringSecurityDescriptorW] [77E14A45] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegSetKeySecurity] [77DF3AFD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegGetKeySecurity] [77DF3918] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!AllocateAndInitializeSid] [77DD7CC9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!FreeSid] [77DD7CB8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!EnumServicesStatusW] [77E37D61] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!EqualSid] [77DDF07A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!LsaLookupNames2] [77DE5CEE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!LsaGetUserName] [77DEE2D2] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!LsaLookupSids] [77DE58BB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!CredUnmarshalCredentialW] [77DF6EDE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!CredFree] [77DEDF8D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!SystemFunction034] [77DEDDC6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerA] [77DF69AE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!OpenServiceA] [77DF4C66] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!StartServiceA] [77DEFB58] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!SystemFunction007] [77DF52AE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!MD5Init] [77DE7078] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!MD5Update] [77DE7152] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!MD5Final] [77DE70B2] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!SystemFunction001] [77DED7BA] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [77DE49CE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegFlushKey] [77DF4CE0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegEnumValueW] [77DD7EED] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!ChangeServiceConfigW] [77E37001] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!StartServiceW] [77DF3E94] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!EnumDependentServicesW] [77E375E1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!ControlService] [77DF4A09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerW] [77DE6F55] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!OpenServiceW] [77DE6FFD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!QueryServiceConfigW] [77DF6F92] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!QueryServiceStatus] [77DE6D50] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!CloseServiceHandle] [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RevertToSelf] [77DD7338] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!SetThreadToken] [77DDF193] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!LsaCreateSecret] [77E1B991] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!LsaQuerySecret] [77E1BF8D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!LsaSetSecret] [77E1BE29] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!LsaDelete] [77E1B201] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!LsaSetInformationPolicy] [77E1AFA9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegDeleteKeyW] [77DE559B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegCreateKeyExW] [77DD776C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!CryptAcquireContextW] [77DE7F99] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!CryptGenRandom] [77DFB3F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!CryptReleaseContext] [77DE7EEE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!LookupAccountSidW] [77DE5707] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!GetSidSubAuthorityCount] [77DE5582] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!GetSidSubAuthority] [77DE5550] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyW] [77DD7946] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!LsaOpenSecret] [77E1BDB9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegConnectRegistryW] [77DF817A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExW] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!LsaOpenPolicy] [77DE1E27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!LsaQueryInformationPolicy] [77DE2E07] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!LsaFreeMemory] [77DE2DDE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!LsaClose] [77DE1EF4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!OpenThreadToken] [77DD72CC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!AccessCheck] [77DD73A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!SystemFunction016] [77E1711F] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!SystemFunction006] [77DF5387] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!SystemFunction012] [77E17091] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegDeleteKeyA] [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExW] [77DD776C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegDeleteValueW] [77DDEDF1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CryptAcquireContextA] [77DE793D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CryptGenRandom] [77DFB3F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CryptReleaseContext] [77DE7EEE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyA] [77DDEFC8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegEnumKeyA] [77DE53B8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!TraceEvent] [77E2A901] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!DuplicateTokenEx] [77DD819E] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!ConvertStringSidToSidA] [77E14CDC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!GetLengthSid] [77DD7D5C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!SetTokenInformation] [77E0CBCF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E10CE8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!ConvertStringSecurityDescriptorToSecurityDescriptorA] [77E14D51] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!GetSidSubAuthorityCount] [77DE5582] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!GetSidSubAuthority] [77DE5550] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!AllocateAndInitializeSid] [77DD7CC9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CheckTokenMembership] [77DD7FCA] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!FreeSid] [77DD7CB8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegDeleteValueA] [77DDECE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!OpenThreadToken] [77DD72CC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!OpenProcessToken] [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!GetTokenInformation] [77DD7305] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExW] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!UnregisterTraceGuids] [77DF56DD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegisterTraceGuidsA] [77DF95A1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegQueryInfoKeyW] [77DE49CE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!GetTraceLoggerHandle] [77E2AC89] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!GetTraceEnableLevel] [77E2AD41] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!GetTraceEnableFlags] [77E2AD86] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegQueryInfoKeyA] [77DE4332] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegEnumKeyExA] [77DE51B6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!GetUserNameA] [77DE54C4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA] [77DF69AE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!OpenServiceA] [77DF4C66] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CloseServiceHandle] [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!QueryServiceStatus] [77DE6D50] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegNotifyChangeKeyValue] [77DDD8FE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegDeleteKeyA] [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegEnumKeyExA] [77DE51B6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!AllocateAndInitializeSid] [77DD7CC9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!FreeSid] [77DD7CB8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!GetLengthSid] [77DD7D5C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!GetAclInformation] [77DF7E78] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!GetAce] [77DE4C33] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!EqualSid] [77DDF07A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD79C6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!InitializeAcl] [77DD7D09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!AddAccessDeniedAce] [77DF814F] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!AddAccessAllowedAce] [77DD7D31] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD79EB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegGetKeySecurity] [77DF3918] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] [77E37211] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!ChangeServiceConfigA] [77E36E69] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RevertToSelf] [77DD7338] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!OpenSCManagerA] [77DF69AE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!QueryServiceStatus] [77DE6D50] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!StartServiceA] [77DEFB58] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CloseServiceHandle] [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!OpenServiceA] [77DF4C66] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!GetSecurityDescriptorDacl] [77DD73E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExW] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!OpenSCManagerA] [77DF69AE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!CloseServiceHandle] [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!OpenProcessToken] [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!LookupPrivilegeValueA] [77DFC238] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!AdjustTokenPrivileges] [77DDF00C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegSetValueExA] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!OpenServiceA] [77DF4C66] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!StartServiceA] [77DEFB58] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Windows Sidebar\sidebar.exe[2828] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegQueryValueExW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [03D61729] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [03D616E0] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [03D616BF] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [03D61751] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [03D616BF] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [03D616E0] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [03D61751] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [03D616BF] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [03D616E0] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [03D61751] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [03D61729] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [03D616BF] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [03D61751] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [03D616E0] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [03D61729] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [03D616BF] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [03D61751] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [03D616E0] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [03D61751] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [03D616BF] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [03D61701] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [03D61729] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [03D616E0] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [03D616BF] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [03D61751] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [03D616BF] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [03D616E0] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [03D61751] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [03D61729] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [03D61701] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [03D61751] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [03D616BF] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [03D616E0] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [03D61729] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [03D61701] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [03D616E0] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [03D61729] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [03D61751] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [03D616BF] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [03D61751] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [03D616BF] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [03D61701] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [03D61729] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [03D616BF] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [03D61751] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [03D61751] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [03D616BF] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [03D616BF] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [03D61751] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [03D61751] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [03D616BF] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [03D616E0] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [03D61701] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [03D61751] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [03D616BF] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [03D616E0] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [03D616BF] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3292] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [03D61751] C:\WINDOWS\system32\kusers.dll (Generic Research Plugin/Generic Research Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACkkyabbgrroxulsr.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [888] 0x00D00000

Library \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [932] 0x02B00000

Library \\?\globalroot\systemroot\system32\UACkkyabbgrroxulsr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [932] 0x02CF0000

Library \\?\globalroot\systemroot\system32\UACkkyabbgrroxulsr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1024] 0x00A00000

Library \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1024] 0x00AB0000

Library \\?\globalroot\systemroot\system32\UACkkyabbgrroxulsr.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1120] 0x00A00000

Library \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1120] 0x00AB0000

Library \\?\globalroot\systemroot\system32\UACkkyabbgrroxulsr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1200] 0x00A00000

Library \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1200] 0x00AB0000

Library \\?\globalroot\systemroot\system32\UACkkyabbgrroxulsr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1444] 0x00A00000

Library \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1444] 0x00AB0000

Library \\?\globalroot\systemroot\system32\UACkkyabbgrroxulsr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1824] 0x00A00000

Library \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1824] 0x00AB0000

Library \\?\globalroot\systemroot\system32\UACkkyabbgrroxulsr.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [2420] 0x00A00000

Library \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [2420] 0x00AB0000

Library \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [3292] 0x00F90000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\ef6c3899705d7db453751ff210073ae1.sys (*** hidden *** ) [BOOT] ef6c3899705d7db453751ff210073ae1 <-- ROOTKIT !!!

Service C:\WINDOWS\system32\drivers\SKYNETetxxtqgf.sys (*** hidden *** ) [SYSTEM] SKYNETktgkjoel <-- ROOTKIT !!!

Service C:\WINDOWS\system32\drivers\UACsklfrmupqowqppy.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\ef6c3899705d7db453751ff210073ae1

Reg HKLM\SYSTEM\CurrentControlSet\Services\ef6c3899705d7db453751ff210073ae1@c &registry_path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ef6c3899705d7db453751ff210073ae1&download_period=846000&first_download_delay=180&version=2&ip_0=586742989&port_0=7000&max_fails_0=5&ip_1=704183501&port_1=8300&max_fails_1=5&ip_2=2241985741&port_2=9002&max_fails_2=2&ip_3=1512966353&port_3=11234&max_fails_3=2&ips_count=4&name=ef6c3899705d7db453751ff210073ae1&path=system32\ef6c3899705d7db453751ff210073ae1.sys&wmid=Df0014&idate=2009-06-06 14:24:02:640&last_download_time=2009-8-31 10:48:50.546&first_skip=1&last_update_ip_pos=1&fails_0=5&fails_1=3

Reg HKLM\SYSTEM\CurrentControlSet\Services\ef6c3899705d7db453751ff210073ae1@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\ef6c3899705d7db453751ff210073ae1@Start 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\ef6c3899705d7db453751ff210073ae1@ErrorControl 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\ef6c3899705d7db453751ff210073ae1@Tag 15

Reg HKLM\SYSTEM\CurrentControlSet\Services\ef6c3899705d7db453751ff210073ae1@ImagePath system32\ef6c3899705d7db453751ff210073ae1.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\ef6c3899705d7db453751ff210073ae1@DisplayName ef6c3899705d7db453751ff210073ae1

Reg HKLM\SYSTEM\CurrentControlSet\Services\ef6c3899705d7db453751ff210073ae1@Group System Bus Extender

Reg HKLM\SYSTEM\CurrentControlSet\Services\ef6c3899705d7db453751ff210073ae1\Security

Reg HKLM\SYSTEM\CurrentControlSet\Services\ef6c3899705d7db453751ff210073ae1\Security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETktgkjoel@start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETktgkjoel@type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETktgkjoel@group file system

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETktgkjoel@imagepath \systemroot\system32\drivers\SKYNETetxxtqgf.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETktgkjoel\main

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETktgkjoel\main@aid 10033

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETktgkjoel\main@sid 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETktgkjoel\main@cmddelay 7200

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETktgkjoel\main\delete

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETktgkjoel\main\injector

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETktgkjoel\main\injector@* SKYNETwsp.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETktgkjoel\main\tasks

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETktgkjoel\modules

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETktgkjoel\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETetxxtqgf.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETktgkjoel\modules@SKYNETcmd.dll \systemroot\system32\SKYNETpjjhmfci.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETktgkjoel\modules@SKYNETlog.dat \systemroot\system32\SKYNETabgdenlw.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETktgkjoel\modules@SKYNETwsp.dll \systemroot\system32\SKYNETiewapjet.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETktgkjoel\modules@SKYNET.dat \systemroot\system32\SKYNETkylkjjva.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACsklfrmupqowqppy.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACsklfrmupqowqppy.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACxwjtepxmpqotvyq.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACjevrwsqoaettomq.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACvxdonrowpjkjiyu.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACtiomgkyqojdsmpy.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACniqjxfqhhlralat.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACiotbrblbhprwjya.db

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACkkyabbgrroxulsr.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACboepbouddrilrjc.log

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACrvdjbmguhfhichd.log

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACmcenaxlhfpgcdyo.log

Reg HKLM\SYSTEM\ControlSet002\Services\ef6c3899705d7db453751ff210073ae1 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\ef6c3899705d7db453751ff210073ae1@c &registry_path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ef6c3899705d7db453751ff210073ae1&download_period=846000&first_download_delay=180&version=2&ip_0=586742989&port_0=7000&max_fails_0=5&ip_1=704183501&port_1=8300&max_fails_1=5&ip_2=2241985741&port_2=9002&max_fails_2=2&ip_3=1512966353&port_3=11234&max_fails_3=2&ips_count=4&name=ef6c3899705d7db453751ff210073ae1&path=system32\ef6c3899705d7db453751ff210073ae1.sys&wmid=Df0014&idate=2009-06-06 14:24:02:640&last_download_time=2009-8-31 10:48:50.546&first_skip=1&last_update_ip_pos=1&fails_0=5&fails_1=3

Reg HKLM\SYSTEM\ControlSet002\Services\ef6c3899705d7db453751ff210073ae1@Type 1

Reg HKLM\SYSTEM\ControlSet002\Services\ef6c3899705d7db453751ff210073ae1@Start 0

Reg HKLM\SYSTEM\ControlSet002\Services\ef6c3899705d7db453751ff210073ae1@ErrorControl 0

Reg HKLM\SYSTEM\ControlSet002\Services\ef6c3899705d7db453751ff210073ae1@Tag 15

Reg HKLM\SYSTEM\ControlSet002\Services\ef6c3899705d7db453751ff210073ae1@ImagePath system32\ef6c3899705d7db453751ff210073ae1.sys

Reg HKLM\SYSTEM\ControlSet002\Services\ef6c3899705d7db453751ff210073ae1@DisplayName ef6c3899705d7db453751ff210073ae1

Reg HKLM\SYSTEM\ControlSet002\Services\ef6c3899705d7db453751ff210073ae1@Group System Bus Extender

Reg HKLM\SYSTEM\ControlSet002\Services\ef6c3899705d7db453751ff210073ae1\Security (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\ef6c3899705d7db453751ff210073ae1\Security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETktgkjoel@start 1

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETktgkjoel@type 1

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETktgkjoel@group file system

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETktgkjoel@imagepath \systemroot\system32\drivers\SKYNETetxxtqgf.sys

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETktgkjoel\main (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETktgkjoel\main@aid 10033

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETktgkjoel\main@sid 0

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETktgkjoel\main@cmddelay 7200

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETktgkjoel\main\delete (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETktgkjoel\main\injector (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETktgkjoel\main\injector@* SKYNETwsp.dll

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETktgkjoel\main\tasks (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETktgkjoel\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETktgkjoel\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETetxxtqgf.sys

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETktgkjoel\modules@SKYNETcmd.dll \systemroot\system32\SKYNETpjjhmfci.dll

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETktgkjoel\modules@SKYNETlog.dat \systemroot\system32\SKYNETabgdenlw.dat

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETktgkjoel\modules@SKYNETwsp.dll \systemroot\system32\SKYNETiewapjet.dll

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETktgkjoel\modules@SKYNET.dat \systemroot\system32\SKYNETkylkjjva.dat

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACsklfrmupqowqppy.sys

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACsklfrmupqowqppy.sys

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACxwjtepxmpqotvyq.dll

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACjevrwsqoaettomq.dat

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACvxdonrowpjkjiyu.dll

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACtiomgkyqojdsmpy.dll

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACniqjxfqhhlralat.dll

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACiotbrblbhprwjya.db

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACkkyabbgrroxulsr.dll

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACxrkkvrdovjsxvlc.dll

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACboepbouddrilrjc.log

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACrvdjbmguhfhichd.log

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACmcenaxlhfpgcdyo.log

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Files - GMER 1.0.15 ----

File C:\e8a71f9d1997718e20\uaclauncher.exe 48976 bytes executable

File C:\Program Files\NetMeeting\BG_ADOBE.GIF 24910 bytes

File C:\Program Files\NetMeeting\bg_Casual.gif 5661 bytes

File C:\Program Files\NetMeeting\bg_Country.gif 32211 bytes

File C:\Program Files\NetMeeting\bg_Earthy.gif 4906 bytes

File C:\Program Files\NetMeeting\bg_GreenTea.gif 22160 bytes

File C:\Program Files\NetMeeting\bg_Groove.gif 106 bytes

File C:\Program Files\NetMeeting\bg_LightSpirit.gif 8614 bytes

File C:\Program Files\NetMeeting\bg_OliveGreen.gif 15703 bytes

File C:\Program Files\NetMeeting\bg_Premium.gif 6213 bytes

File C:\Program Files\NetMeeting\bg_SlateBlue.gif 20801 bytes

File C:\Program Files\NetMeeting\bg_TexturedBlue.gif 6460 bytes

File C:\Program Files\NetMeeting\bg_VelvetRose.gif 15460 bytes

File C:\Program Files\NetMeeting\FormsStyles 0 bytes

---- EOF - GMER 1.0.15 ----


First, temporarily disable any antivirus program or any real-time shields that are present:

If you do not know how, you can refer to this link:

http://www.bleepingcomputer.com/forums/topic114351.html

================

Then download ComboFix from any of the links below. You must rename it before saving it. Rename it to kahdah, then save it to your desktop.

Link 1

Link 2

--------------------------------------------------------------------

Double-click on kahdah.exe and follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt


ComboFix 09-09-02.02 - Administrator 09/02/2009 21:03.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1746 [GMT -6:00]

Running from: c:\documents and settings\Administrator\Desktop\kahdah.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\93333426.ini

c:\windows\system32\drivers\SKYNETetxxtqgf.sys

c:\windows\system32\drivers\UACsklfrmupqowqppy.sys

c:\windows\system32\kdpini.dll

c:\windows\system32\kuSErs.dll

c:\windows\system32\SKYNETabgdenlw.dat

c:\windows\system32\SKYNETiewapjet.dll

c:\windows\system32\SKYNETkylkjjva.dat

c:\windows\system32\SKYNETpjjhmfci.dll

c:\windows\system32\UACboepbouddrilrjc.log

c:\windows\system32\uacinit.dll

c:\windows\system32\UACiotbrblbhprwjya.db

c:\windows\system32\UACjevrwsqoaettomq.dat

c:\windows\system32\UACkkyabbgrroxulsr.dll

c:\windows\system32\UACmcenaxlhfpgcdyo.log

c:\windows\system32\UACniqjxfqhhlralat.dll

c:\windows\system32\UACrvdjbmguhfhichd.log

c:\windows\system32\UACtiomgkyqojdsmpy.dll

c:\windows\system32\uactmp.db

c:\windows\system32\UACvxdonrowpjkjiyu.dll

c:\windows\system32\UACxrkkvrdovjsxvlc.dll

c:\windows\system32\UACxwjtepxmpqotvyq.dll

.

((((((((((((((((((((((( (((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_SKYNETktgkjoel

-------\Legacy_SKYNETktgkjoel

-------\Service_UACd.sys

-------\Legacy_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))

.

2009-09-03 01:20 . 2009-09-03 01:20 288768 ----a-w- C:\ii9vvy9c.exe

2009-08-17 02:54 . 2009-06-25 08:41 54272 ------w- c:\windows\system32\dllcache\wdigest.dll

2009-08-17 02:54 . 2009-06-25 08:41 301568 ------w- c:\windows\system32\dllcache\kerberos.dll

2009-08-17 02:54 . 2009-06-25 08:41 136704 ------w- c:\windows\system32\dllcache\msv1_0.dll

2009-08-17 02:54 . 2009-06-24 10:28 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys

2009-08-17 00:11 . 2009-08-17 00:11 0 ----a-w- c:\documents and settings\Administrator\settings.dat

2009-08-16 23:55 . 2009-08-16 23:55 -------- d-----w- C:\_OTM

2009-08-16 23:50 . 2009-06-12 12:31 80896 ------w- c:\windows\system32\dllcache\tlntsess.exe

2009-08-16 23:50 . 2009-06-12 12:31 76288 ------w- c:\windows\system32\dllcache\telnet.exe

2009-08-16 23:49 . 2009-06-10 06:17 134144 ------w- c:\windows\system32\dllcache\wkssvc.dll

2009-08-16 23:49 . 2009-06-10 14:13 84992 ------w- c:\windows\system32\dllcache\avifil32.dll

2009-08-16 23:49 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll

2009-08-16 23:49 . 2009-06-09 15:21 2067968 ------w- c:\windows\system32\dllcache\mstscax.dll

2009-08-16 23:13 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

2009-08-16 23:09 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

2009-08-07 15:09 . 2009-08-07 15:09 1155584 ----a-w- c:\documents and settings\Administrator\temp.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-02 20:00 . 2009-06-05 23:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire

2009-08-31 16:49 . 2009-06-04 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-08 18:29 . 2009-06-03 23:02 -------- d-----w- c:\program files\Microsoft Silverlight

2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 05:43 . 2009-02-01 09:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-29 16:23 . 2009-02-01 09:00 828928 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 16:23 . 2009-02-01 08:58 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 16:23 . 2009-02-01 08:57 17408 ----a-w- c:\windows\system32\corpol.dll

2009-06-26 21:11 . 2009-02-01 08:58 730112 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:41 . 2009-02-01 08:59 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:41 . 2008-04-14 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:41 . 2008-04-14 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:41 . 2009-02-01 08:59 136704 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:41 . 2009-02-01 08:58 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 10:28 . 2008-04-14 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2008-04-14 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2008-04-14 12:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:13 . 2008-04-14 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:17 . 2009-02-01 09:00 134144 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-09 15:21 . 2009-06-03 23:01 2067968 ----a-w- c:\windows\system32\mstscax.dll

2009-06-08 23:17 . 2009-06-08 23:17 77824 ----a-w- c:\documents and settings\Administrator\Administrator1.exe

2009-06-05 21:58 . 2009-06-05 21:58 0 ----a-w- c:\windows\nsreg.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

..

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-11-23 1247232]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-01 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-01 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-01 114688]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="shell32" [X]

"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-06-29 124928]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-5-22 139776]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2009-6-3 128000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\baffddbedb]

2004-07-04 06:04 281103 ------w- c:\windows\system32\baffddbedb.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]

RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register

.

Contents of the 'Scheduled Tasks' folder

2009-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-09-03 c:\windows\Tasks\User_Feed_Synchronization-{53F163D4-34E9-48EA-BEB8-9A4FD6B30A83}.job

- c:\windows\system32\msfeedssync.exe [2008-04-14 01:36]

.

- - - - ORPHANS REMOVED - - - -

BHO-{93E601D3-978D-4D52-AC7F-D541E5F7CA51} - c:\docume~1\ADMINI~1\LOCALS~1\Temp\~2F3.dll

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z8zu1mi8.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-02 21:06

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ....

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\ef6c3899705d7db453751ff210073ae1.sys 39936 bytes executable

c:\windows\system32\_ef6c3899705d7db453751ff210073ae1.sys_.vir 39936 bytes executable

scan completed successfully

hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ef6c3899705d7db453751ff210073ae1]

"ImagePath"="system32\ef6c3899705d7db453751ff210073ae1.sys"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)

c:\windows\system32\baffddbedb.dll

c:\windows\system32\WININET.dll

c:\program files\Bonjour\mdnsNSP.dll

.

Completion time: 2009-09-03 21:07

ComboFix-quarantined-files.txt 2009-09-03 03:07

Pre-Run: 25,175,908,352 bytes free

Post-Run: 25,179,725,824 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

180 --- E O F --- 2009-09-02 05:31


1. Please open Notepad

  • Click Start, then Run.
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Rootkit::
c:\windows\system32\ef6c3899705d7db453751ff210073ae1.sys
c:\windows\system32\_ef6c3899705d7db453751ff210073ae1.sys_.vir

File::
c:\documents and settings\Administrator\Administrator1.exe
c:\documents and settings\Administrator\temp.exe
c:\windows\system32\baffddbedb.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\baffddbedb]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:

  • Combofix.txt


ComboFix 09-09-02.02 - Administrator 09/02/2009 21:40.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1628 [GMT -6:00]

Running from: c:\documents and settings\Administrator\Desktop\kahdah.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt.txt

FILE ::

"c:\documents and settings\Administrator\Administrator1.exe"

"c:\documents and settings\Administrator\temp.exe"

"c:\windows\system32\baffddbedb.dll"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Administrator1.exe

c:\documents and settings\Administrator\temp.exe

c:\windows\system32\baffddbedb.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_ef6c3899705d7db453751ff210073ae1

((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))

.

2009-09-03 03:43 . 2009-09-03 03:43 -------- d-----w- c:\windows\system32\wbem\snmp

2009-09-03 03:43 . 2009-09-03 03:43 -------- d-----w- c:\windows\system32\xircom

2009-09-03 03:43 . 2009-09-03 03:43 -------- d-----w- c:\program files\microsoft frontpage

2009-09-03 01:20 . 2009-09-03 01:20 288768 ----a-w- C:\ii9vvy9c.exe

2009-08-17 02:54 . 2009-06-25 08:41 54272 ------w- c:\windows\system32\dllcache\wdigest.dll

2009-08-17 02:54 . 2009-06-25 08:41 301568 ------w- c:\windows\system32\dllcache\kerberos.dll

2009-08-17 02:54 . 2009-06-25 08:41 136704 ------w- c:\windows\system32\dllcache\msv1_0.dll

2009-08-17 02:54 . 2009-06-24 10:28 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys

2009-08-17 00:11 . 2009-08-17 00:11 0 ----a-w- c:\documents and settings\Administrator\settings.dat

2009-08-16 23:55 . 2009-08-16 23:55 -------- d-----w- C:\_OTM

2009-08-16 23:50 . 2009-06-12 12:31 80896 ------w- c:\windows\system32\dllcache\tlntsess.exe

2009-08-16 23:50 . 2009-06-12 12:31 76288 ------w- c:\windows\system32\dllcache\telnet.exe

2009-08-16 23:49 . 2009-06-10 06:17 134144 ------w- c:\windows\system32\dllcache\wkssvc.dll

2009-08-16 23:49 . 2009-06-10 14:13 84992 ------w- c:\windows\system32\dllcache\avifil32.dll

2009-08-16 23:49 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll

2009-08-16 23:49 . 2009-06-09 15:21 2067968 ------w- c:\windows\system32\dllcache\mstscax.dll

2009-08-16 23:13 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

2009-08-16 23:09 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-02 20:00 . 2009-06-05 23:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire

2009-08-31 16:49 . 2009-06-04 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-08 18:29 . 2009-06-03 23:02 -------- d-----w- c:\program files\Microsoft Silverlight

2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 05:43 . 2009-02-01 09:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-29 16:23 . 2009-02-01 09:00 828928 ------w- c:\windows\system32\wininet.dll

2009-06-29 16:23 . 2009-02-01 08:58 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 16:23 . 2009-02-01 08:57 17408 ----a-w- c:\windows\system32\corpol.dll

2009-06-26 21:11 . 2009-02-01 08:58 730112 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:41 . 2009-02-01 08:59 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:41 . 2008-04-14 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:41 . 2008-04-14 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:41 . 2009-02-01 08:59 136704 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:41 . 2009-02-01 08:58 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 10:28 . 2008-04-14 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2008-04-14 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2008-04-14 12:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:13 . 2008-04-14 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:17 . 2009-02-01 09:00 134144 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-09 15:21 . 2009-06-03 23:01 2067968 ----a-w- c:\windows\system32\mstscax.dll

2009-06-05 21:58 . 2009-06-05 21:58 0 ----a-w- c:\windows\nsreg.dat

.

((((((((((((((((((((((((((((( SnapShot@2009-09-03_03.06.44 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-09-03 03:44 . 2009-09-03 03:44 16384 c:\windows\temp\Perflib_Perfdata_748.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-11-23 1247232]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-01 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-01 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-01 114688]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="shell32" [X]

"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-06-29 124928]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-5-22 139776]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2009-6-3 128000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]

RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register

.

Contents of the 'Scheduled Tasks' folder

2009-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-09-03 c:\windows\Tasks\User_Feed_Synchronization-{53F163D4-34E9-48EA-BEB8-9A4FD6B30A83}.job

- c:\windows\system32\msfeedssync.exe [2008-04-14 01:36]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z8zu1mi8.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-02 21:47

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\places.sqlite-journal 0 bytes

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3772)

c:\windows\system32\WININET.dll

c:\program files\iTunes\iTunesMiniPlayer.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2009-09-03 21:50 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-03 03:50

ComboFix2.txt 2009-09-03 03:08

Pre-Run: 25,164,242,944 bytes free

Post-Run: 25,072,128,000 bytes free

173 --- E O F --- 2009-09-02 05:31


First: Update and Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=====

Second: Online Scanner

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Malwarebytes' Anti-Malware 1.40

Database version: 2735

Windows 5.1.2600 Service Pack 3

9/3/2009 9:20:45 AM

mbam-log-2009-09-03 (09-20-37).txt

Scan type: Full Scan (C:\|)

Objects scanned: 112316

Time elapsed: 12 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 2

Files Infected: 17

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{6494b9be-3a4c-11de-91d2-bd8055d89593} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\All Users\Application Data\13323434 (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\93333426 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\All Users\Application Data\13323434\13323434.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\93333426\93333426.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACkkyabbgrroxulsr.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACniqjxfqhhlralat.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACtiomgkyqojdsmpy.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACvxdonrowpjkjiyu.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACxrkkvrdovjsxvlc.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACxwjtepxmpqotvyq.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACsklfrmupqowqppy.sys.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{561BFCF0-8FC2-4EB3-A69E-305888AB55F2}\RP6\A0002004.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{561BFCF0-8FC2-4EB3-A69E-305888AB55F2}\RP6\A0002005.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{561BFCF0-8FC2-4EB3-A69E-305888AB55F2}\RP6\A0002006.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{561BFCF0-8FC2-4EB3-A69E-305888AB55F2}\RP6\A0002007.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{561BFCF0-8FC2-4EB3-A69E-305888AB55F2}\RP6\A0002008.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{561BFCF0-8FC2-4EB3-A69E-305888AB55F2}\RP6\A0002009.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{561BFCF0-8FC2-4EB3-A69E-305888AB55F2}\RP6\A0002010.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\13323434\13323434.glu (Rogue.Multiple) -> Quarantined and deleted successfully.


--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Thursday, September 3, 2009

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Thursday, September 03, 2009 16:12:58

Records in database: 2742587

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

Scan statistics:

Objects scanned: 26853

Threats found: 5

Infected objects found: 9

Suspicious objects found: 0

Scan duration: 00:33:43

File name / Threat / Threats count

C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\zac brown band got whatever it.wma Infected: Trojan-Downloader.Multi.MusLdr.c 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\baffddbedb.dll.vir Infected: Worm.Win32.AutoRun.aaeu 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\kusers.dll.vir Infected: Trojan.Win32.BHO.xmh 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\_baffddbedb_.dll.zip Infected: Worm.Win32.AutoRun.aaeu 1

C:\Qoobox\Quarantine\[4]-Submit_2009-09-02_21.40.45.zip Infected: Trojan.Win32.FraudPack.pyi 1

C:\Qoobox\Quarantine\[4]-Submit_2009-09-02_21.40.45.zip Infected: Worm.Win32.AutoRun.aaeu 1

C:\System Volume Information\_restore{561BFCF0-8FC2-4EB3-A69E-305888AB55F2}\RP6\A0002034.dll Infected: Trojan.Win32.BHO.xmh 1

C:\System Volume Information\_restore{561BFCF0-8FC2-4EB3-A69E-305888AB55F2}\RP6\A0002117.dll Infected: Worm.Win32.AutoRun.aaeu 1

C:\System Volume Information\_restore{561BFCF0-8FC2-4EB3-A69E-305888AB55F2}\RP6\A0002253.exe Infected: Trojan-Downloader.Win32.FraudLoad.wcle 1

Selected area has been scanned.


Please navigate to this location, C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\, then delete this file: zac brown band got whatever it.wma

Then do the following:

Go to Start > My Computer > C:\

Then navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip

Click Here to upload the submit.zip please.

================

After that, let me know how things are running.

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


OTL logfile created on: 9/3/2009 3:25:58 PM - Run 2

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.78% Memory free

3.84 Gb Paging File | 3.60 Gb Available in Paging File | 93.76% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.26 Gb Total Space | 23.29 Gb Free Space | 62.50% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: WELLS-DC6FB4F6E

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\ibmpmsvc.exe ()

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)

PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\WINDOWS\System32\igfxsrvc.exe (Intel Corporation)

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (IBMPMSVC [Auto | Running]) -- C:\WINDOWS\System32\ibmpmsvc.exe ()

SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)

DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)

DRV - (IBMPMDRV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys (IBM Corp.)

DRV - (NSCIRDA [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nscirda.sys (National Semiconductor Corporation)

DRV - (portio [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NscTpmDD.sys (National Semiconductor Corp.)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)

DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)

DRV - (VIAudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\vinyl97.sys (VIA Technologies, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"

FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=SOLTDF&q="

FF - prefs.js..browser.search.selectedEngine: "Live Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.48

FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=SOLTDF&q="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/05 16:00:09 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/06 20:32:23 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/06 20:32:23 | 00,000,000 | ---D | M]

[2009/06/05 17:17:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions

[2009/06/05 15:58:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/06/05 17:17:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\mozswing@mozswing.org

[2009/09/02 19:41:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z8zu1mi8.default\extensions

[2009/07/01 06:46:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z8zu1mi8.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}

[2009/06/08 22:04:27 | 00,001,633 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\z8zu1mi8.default\searchplugins\live-search.xml

[2009/09/02 19:41:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/08/06 20:32:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/06/05 16:00:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[2009/06/06 19:10:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/08/06 20:32:17 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/08/06 20:32:17 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009/08/06 20:32:17 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2009/06/06 12:07:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/06/06 12:07:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/06/06 12:07:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/06/06 12:07:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/06/06 12:07:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/06/06 12:07:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/06/06 12:07:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2009/04/23 18:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/04/23 18:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/04/23 18:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/04/23 18:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/04/23 18:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/04/23 18:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/04/23 18:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File not found

O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File not found

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/03 17:12:46 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/03 15:18:14 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009/09/03 10:16:26 | 00,004,733 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Kasperskylog.html

[2009/09/03 09:02:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2009/09/03 09:02:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/09/03 09:02:42 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/09/03 09:02:40 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/09/03 09:02:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/09/03 09:02:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/09/03 09:02:06 | 03,942,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\hmmm.exe

[2009/09/02 21:43:50 | 00,000,000 | ---D | C] -- C:\Program Files\xerox

[2009/09/02 21:43:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom

[2009/09/02 21:43:48 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage

[2009/09/02 21:42:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp

[2009/09/02 21:40:15 | 00,000,000 | --SD | C] -- C:\kahdah

[2009/09/02 21:07:04 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll

[2009/09/02 21:07:04 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll

[2009/09/02 21:07:04 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\es.dll

[2009/09/02 21:07:04 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mswsock.dll

[2009/09/02 21:07:04 | 00,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netman.dll

[2009/09/02 21:07:04 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\schedsvc.dll

[2009/09/02 21:07:04 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\upnphost.dll

[2009/09/02 21:07:04 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll

[2009/09/02 21:07:04 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll

[2009/09/02 21:07:04 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys

[2009/09/02 21:07:04 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\shsvcs.dll

[2009/09/02 21:07:04 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll

[2009/09/02 21:07:04 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ssdpsrv.dll

[2009/09/02 21:07:04 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\regsvc.dll

[2009/09/02 21:07:04 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\linkinfo.dll

[2009/09/02 21:07:04 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe

[2009/09/02 21:07:03 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll

[2009/09/02 21:07:03 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll

[2009/09/02 21:07:03 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll

[2009/09/02 21:07:03 | 00,576,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys

[2009/09/02 21:07:03 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll

[2009/09/02 21:07:03 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll

[2009/09/02 21:07:03 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll

[2009/09/02 21:07:03 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tapisrv.dll

[2009/09/02 21:07:03 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll

[2009/09/02 21:07:03 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\xmlprov.dll

[2009/09/02 21:07:03 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\browser.dll

[2009/09/02 21:07:03 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\cryptsvc.dll

[2009/09/02 21:07:03 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\eventlog.dll

[2009/09/02 21:07:03 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll

[2009/09/02 21:07:03 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mspmsnsv.dll

[2009/09/02 21:07:03 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys

[2009/09/02 21:07:03 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll

[2009/09/02 21:07:03 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys

[2009/09/02 21:07:03 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys

[2009/09/02 21:07:03 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll

[2009/09/02 21:07:03 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys

[2009/09/02 21:07:03 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys

[2009/09/02 21:07:02 | 03,600,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll

[2009/09/02 21:07:02 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe

[2009/09/02 21:07:02 | 02,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe

[2009/09/02 21:07:02 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe

[2009/09/02 21:07:02 | 00,991,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll

[2009/09/02 21:07:02 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll

[2009/09/02 21:07:02 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll

[2009/09/02 21:07:02 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe

[2009/09/02 21:07:02 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys

[2009/09/02 21:07:02 | 00,296,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll

[2009/09/02 21:07:02 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys

[2009/09/02 21:07:02 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe

[2009/09/02 21:07:02 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll

[2009/09/02 21:07:02 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll

[2009/09/02 21:07:02 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe

[2009/09/02 21:07:02 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe

[2009/09/02 21:07:02 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys

[2009/09/02 21:07:02 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe

[2009/09/02 21:07:02 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll

[2009/09/02 21:07:02 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe

[2009/09/02 21:07:02 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe

[2009/09/02 21:07:02 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe

[2009/09/02 21:07:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache

[2009/09/02 20:49:22 | 00,000,211 | ---- | C] () -- C:\Boot.bak

[2009/09/02 20:49:17 | 00,260,272 | ---- | C] () -- C:\cmldr

[2009/09/02 20:49:16 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/09/02 20:47:21 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009/09/02 20:47:21 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/09/02 20:47:21 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/09/02 20:47:21 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/09/02 20:47:21 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/09/02 20:47:21 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/09/02 20:47:21 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/09/02 20:47:21 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/09/02 20:47:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/09/02 20:45:44 | 03,191,196 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\kahdah.exe

[2009/09/02 19:20:21 | 00,288,768 | ---- | C] () -- C:\ii9vvy9c.exe

[2009/09/02 19:02:20 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2009/08/16 20:54:37 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll

[2009/08/16 20:54:37 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msv1_0.dll

[2009/08/16 20:54:37 | 00,092,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys

[2009/08/16 20:54:37 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll

[2009/08/16 18:04:47 | 04,134,912 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\content_m.xml

[2009/08/16 18:04:47 | 03,557,888 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\backup.dll

[2009/08/16 18:04:47 | 03,509,248 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\WinAntiSpyware2006FreeInstall[1].exe

[2009/08/16 18:04:47 | 03,031,552 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\flylib.dll

[2009/08/16 18:04:47 | 02,915,328 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\nwnmff_8.exe

[2009/08/16 18:01:29 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/08/16 17:55:06 | 00,000,000 | ---D | C] -- C:\_OTM

[2009/08/16 17:50:01 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe

[2009/08/16 17:50:01 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe

[2009/08/16 17:49:53 | 00,134,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll

[2009/08/16 17:49:46 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll

[2009/08/16 17:49:37 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll

[2009/08/16 17:49:16 | 02,067,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll

[2009/08/16 17:48:41 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx

[2009/08/16 17:13:50 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll

[2009/08/16 17:09:36 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll

[2009/08/16 16:27:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Received Files

[2009/08/16 16:03:41 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2009/08/07 09:12:06 | 02,853,376 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ibm00003.exe

[2009/08/07 09:12:06 | 02,017,792 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\msplug.dll

[2009/08/07 09:12:06 | 01,122,304 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\spcksys.dll

[2009/08/07 09:12:06 | 00,544,256 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\jukebox.scr

[2009/08/07 09:12:06 | 00,281,088 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\drsmartload95a.exe

[2009/06/28 11:34:08 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2009/06/03 18:39:59 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\tpinspm.dll

[2009/06/03 17:03:10 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2009/06/03 17:03:10 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2009/06/03 17:03:10 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008/04/14 06:00:00 | 00,000,582 | ---- | C] () -- C:\WINDOWS\win.ini

[2008/04/14 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2003/06/24 14:43:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

========== Files - Modified Within 30 Days ==========

[2009/09/03 10:16:27 | 00,004,733 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Kasperskylog.html

[2009/09/03 09:30:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/09/03 09:22:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/09/03 09:22:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/09/03 09:21:16 | 02,691,560 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db

[2009/09/03 09:02:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/09/03 09:02:10 | 03,942,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\hmmm.exe

[2009/09/03 08:54:09 | 00,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{53F163D4-34E9-48EA-BEB8-9A4FD6B30A83}.job

[2009/09/02 21:47:30 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/09/02 21:47:11 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/09/02 20:49:23 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2009/09/02 20:45:46 | 03,191,196 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\kahdah.exe

[2009/09/02 19:20:21 | 00,288,768 | ---- | M] () -- C:\ii9vvy9c.exe

[2009/09/02 19:02:21 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2009/09/02 12:13:06 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2009/08/31 10:50:29 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/08/31 10:49:19 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2009/08/16 18:04:47 | 04,134,912 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\content_m.xml

[2009/08/16 18:04:47 | 03,557,888 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\backup.dll

[2009/08/16 18:04:47 | 03,509,248 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\WinAntiSpyware2006FreeInstall[1].exe

[2009/08/16 18:04:47 | 03,031,552 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\flylib.dll

[2009/08/16 18:04:47 | 02,915,328 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\nwnmff_8.exe

[2009/08/07 09:14:30 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/07 09:12:06 | 02,853,376 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ibm00003.exe

[2009/08/07 09:12:06 | 02,017,792 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\msplug.dll

[2009/08/07 09:12:06 | 01,122,304 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\spcksys.dll

[2009/08/07 09:12:06 | 00,544,256 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\jukebox.scr

[2009/08/07 09:12:06 | 00,281,088 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\drsmartload95a.exe

[2009/08/05 03:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll

[2009/08/05 03:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll

< End of report >


Yes we are quite done yet, just some stragglers, and some of the programs we used will be removed by doing the following:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2009/08/07 09:12:06 | 00,281,088 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\drsmartload95a.exe
    [2009/08/16 18:04:47 | 03,509,248 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\WinAntiSpyware2006FreeInstall[1].exe
    [2009/08/16 18:04:47 | 03,031,552 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\flylib.dll
    [2009/08/16 18:04:47 | 02,915,328 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\nwnmff_8.exe
    [2009/08/07 09:14:30 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/09/02 20:45:46 | 03,191,196 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\kahdah.exe
    [2009/09/02 19:20:21 | 00,288,768 | ---- | M] () -- C:\ii9vvy9c.exe
    [2009/09/02 20:47:21 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2009/09/02 20:47:21 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2009/09/02 20:47:21 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2009/09/02 20:47:21 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2009/09/02 20:47:21 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2009/09/02 20:47:21 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2009/09/02 20:47:21 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2009/09/02 20:47:21 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
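The fix list in the post above is built from lines of the OTL file listing. As an added example (not part of the original post and not OTL's own code), the following Python parses that line format and surfaces entries for review; the field regex, the `C` meaning and the `needs_review` heuristic are assumptions inferred from the log lines shown on this page.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# OTL file-listing line: [date time | size | attributes | C/M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
EXECUTABLE = {".exe", ".dll", ".scr"}

def parse_line(line):
    """Return a dict for one listing line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),   # "00,281,088" -> 281088
        "kind": m["kind"],                         # M = modified; C assumed = created
        "company": m["company"].strip(),           # empty when no version info
        "path": PureWindowsPath(m["path"]),
    }

def needs_review(entry):
    """Assumed heuristic: executable, no company name, in a profile or drive root."""
    p = entry["path"]
    in_profile = "documents and settings" in (part.lower() for part in p.parts)
    in_root = p.parent == PureWindowsPath(p.anchor)
    return (p.suffix.lower() in EXECUTABLE and not entry["company"]
            and (in_profile or in_root))

def triage(log_text):
    entries = filter(None, map(parse_line, log_text.splitlines()))
    return [e for e in entries if needs_review(e)]

# Sample lines copied from the log on this page.
SAMPLE = r"""
========== Files - Modified Within 30 Days ==========
[2009/09/03 09:02:10 | 03,942,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\hmmm.exe
[2009/09/02 21:47:11 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/02 20:45:46 | 03,191,196 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\kahdah.exe
[2009/09/02 19:20:21 | 00,288,768 | ---- | M] () -- C:\ii9vvy9c.exe
[2009/09/02 19:02:21 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/08/16 18:04:47 | 02,915,328 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\nwnmff_8.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["time"], e["size"], e["path"])
```

A flagged entry is only a candidate for a closer look; a missing company name on its own does not establish that a file is malicious.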


Everything was working good; however, after this last OTL fix... NOW for some reason there is a prompt in the bottom left of my screen saying my Windows version is not validated????

I had to download a plugin to validate it, I guess called WGAplugin, by following Microsoft's prompts, and they still say my version is counterfeit or whatever?


The items removed were not from Windows; they were only from the tools we used.

You can validate it over the net or call Microsoft; there will be a telephone number prompt if you cannot validate it online.

There is no reason that that should have happened at all.
